this post was submitted on 11 Aug 2024
Am I missing something? The article seems to suggest it works via hidden text characters. Has OpenAI never heard of pasting text into a utf8 notepad before?

[–] [email protected] 42 points 3 months ago* (last edited 3 months ago) (3 children)

They could inject random zero width non joiners to help detection too. Easy to defeat, but something a layperson would have to go through extra effort to filter out. Kinda like how some plagiarism cases have been won by pointing out identical misspelled words.

[–] [email protected] 6 points 3 months ago (2 children)

Yeah, no chance they'd rely on something that would be so easy to defeat. Watermarking by using word patterns is far more likely.

Still easy to defeat by just using another LLM to rephrase it though.

[–] [email protected] 4 points 3 months ago (1 children)

It's one of many things they could do just like how security is a layers thing.

[–] [email protected] 2 points 3 months ago

They could, but adding random zero width characters into words would also destroy every spell checker, giving it away immediately and making sure that even unaware people would filter it. Doing it outside the words would leave them with too few spots to use for proper watermarking.

I think it's far more likely they'll use some kind of pattern in the tokens - that way the watermark will remain even when you don't copypaste it.

But yeah, as said, they will never tell how it's implemented, but it can still be simply subverted.
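The placement question raised in the thread (zero-width characters inside words versus between them) can be checked on any piece of text. The following is an added example, not code from any commenter or from OpenAI; the function names and the sample string are constructed for illustration.

```python
import unicodedata

def find_hidden(text):
    """Locate invisible Unicode format characters (general category Cf).

    Cf covers the zero width non-joiner mentioned in the thread (U+200C)
    as well as U+200B, U+200D, U+2060, U+FEFF and the soft hyphen.
    Returns a list of (index, character name, inside_word) tuples.
    """
    hits = []
    for i, ch in enumerate(text):
        if unicodedata.category(ch) != "Cf":
            continue
        prev_ch = text[i - 1] if i > 0 else " "
        next_ch = text[i + 1] if i + 1 < len(text) else " "
        # "Inside a word" means letters or digits on both sides, which is
        # the placement that would trip a spell checker.
        inside_word = prev_ch.isalnum() and next_ch.isalnum()
        hits.append((i, unicodedata.name(ch, "UNNAMED"), inside_word))
    return hits

def summarize(text):
    """Count hidden characters by placement."""
    hits = find_hidden(text)
    in_word = sum(1 for _, _, inside in hits if inside)
    return {"in_word": in_word, "at_boundary": len(hits) - in_word}

# Constructed sample: one ZWNJ inside "quick", one zero width space after "brown".
SAMPLE = "The qui\u200cck brown\u200b fox"

if __name__ == "__main__":
    for index, name, inside in find_hidden(SAMPLE):
        where = "inside a word" if inside else "at a word boundary"
        print(f"offset {index}: {name} ({where})")
    print(summarize(SAMPLE))
```

A hit is not proof of marking: zero width joiners and non-joiners are legitimate in Persian, several Indic scripts and emoji sequences, so flagged text needs context before any conclusion is drawn.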